Vulnerability CVE-2017-9646


Published: 2017-08-14

Description:
An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Solarcontrols -> Heating control downloader 

 References:
http://www.securityfocus.com/bid/100261
https://ics-cert.us-cert.gov/advisories/ICSA-17-222-02

Copyright 2024, cxsecurity.com

 

Back to Top